In this notice “MTN”, “we”, “our” and “us” refer to MTN Liberia Communication Plc (“MTN”) a public limited liability company, incorporated in the Republic of Liberia with registration number 395010 and its principal office at MTN Plaza, Falomo Roundabout, Awolowo Road, Ikoyi, Lagos. [We are committed to protecting and respecting your privacy. This Employee Privacy Notice describes our commitment to the fair and transparent processing of your Personal Data, including your privacy rights in relation to the Personal Data we Process.
MTN is committed to being transparent with you regarding the collection and Processing of your Personal Data (including Sensitive Personal Data). This is not intended to be an exhaustive list of Personal Data / Sensitive Personal Data that MTN may Process and all potential purposes for Processing. Instead, it indicates the typical Personal Data Processed in the employment context and the general purposes of such Processing.
MTN will endeavor to inform you if we intend to Process your Personal Data (including Sensitive Personal Data) for any additional purposes prior to collecting or Processing that Personal Data
This notice applies to two primary groups of individuals with whom MTN has, had or may in the future have an employment relationship:
(collectively referred to as “MTN Employees” / “you” / “your”).
Where there are differences in the Processing of Personal Data by MTN with respect to current employees compared to former employees, we have made this clear through the use of sub-headings. Where there are no such sub-headings then the Processing applies to both current employees and former employees.
|Applicable Data Privacy Law(s)||Data privacy and data protection legislation and regulations applicable to the Processing of Personal Data carried out by MTN , or for or on behalf of MTN .|
|Data Subject||Means an identified or identifiable natural person, including current and former MTN Employees. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It shall also include any additional persons afforded data privacy rights and protection of Personal Data in terms of Applicable Data Privacy Law(s).|
|Local Regulatory Requirements||Legal, statutory, regulatory, license conditions rules, guidelines, Ministerial/National Security orders or directives, and Directives relating to Public safety (where applicable) and Data Sovereignty*-related requirements with which MTN is required to comply by applicable authorities in the jurisdictions in which MTN operates or where Personal Data is Processed by MTN or on its behalf.
*Data Sovereignty relates to the laws and governance structures that Personal Data is subject to, due to the geographical location of where it is Processed.
|Personal Data||Means any information relating to a Data Subject. Examples of “Personal Data” includes, but is not limited to, the following:
• a name;
• any identifying number, symbol;
• contact information (e.g. e-mail address, postal address, telephone number);
• location data or physical address;
• online identifier or unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number or other assignment to the person;
• the biometric information of the Data Subject;
• the personal opinions, views or preferences of the Data Subject;
• correspondence sent by the Data Subject that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
• the views or opinions of another person about the Data Subject;
• the name of the Data Subject if it appears with other Personal Data relating to the Data Subject or if the disclosure of the name itself would reveal information about the Data Subject; and
• Sensitive Personal Data.
|Personal Data Breach||Means an event or occurrence (including but not limited to a breach of security) leading to the accidental or unlawful destruction, loss or damage, alteration, disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.|
|Processing||Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, including collection, receipt, recording, organization, structuring, collation, storage; adaptation or alteration, updating, retrieval, consultation, use, dissemination, disclosure by means of transmission; or otherwise making available, alignment or combination, merging, restriction, erasure, destruction, and/or degradation.|
|Sensitive Personal Data||A sub-set of Personal Data that is considered more sensitive than other categories of Personal Data. Sensitive Personal Data includes, but is not limited to, Personal Data revealing a Data Subject’s racial or ethnic origin; political opinions or persuasions; religious or philosophical beliefs; trade union membership; criminal behavior relating to the alleged commission of a crime or proceedings relating to the alleged commission of a crime; genetic data; biometric data; data concerning health; and/or data concerning a Data Subject’s sex life or sexual orientation.|
To run our business, MTN collects, uses, and stores Personal Data about MTN Employees.
In addition to the information collected about you during the recruitment process, we also collect, use, and store the following additional information in respect of current employees:
MTN continues to store the above information (related to current employees) in respect of former employees, insofar as this information was collected during the former employee’s employment with MTN and subject to MTN’s retention policies and procedures.
In some cases, the Personal Data of MTN Employees that we collect will also include Sensitive Personal Data, such as:
During your employment with MTN, most of the Personal Data will be collected directly from you. However, there are also occasions when it is necessary to collect Personal Data from indirect sources for example, we collect Personal Data from:
MTN is committed to only processing Personal Data for specified, explicit, and legitimate purposes related to its business activities. The general purposes for which MTN may Process your Personal Data are explained below.
We Process the Personal Data of current employees to inter alia:
Further to the above, your computer-related Personal Data (e.g., username, installed software, IP address, computer name, location, etc.) is used for the purposes of tracking and managing computing assets such as software licensing and hardware systems, installation of additional software applications, etc. to the extent necessary for the purposes below:
Generally, we do not actively Process the Personal Data of former employees but do store former employees’ Personal Data in accordance with our retention policies and/or to comply with the retention periods prescribed in terms of Local Regulatory Requirements and Applicable Data Privacy Laws (s) that apply to MTN.
There may be circumstances that require us to actively Process the Personal Data of former employees for example:
MTN will not further Process Personal Data for any purpose that is incompatible with the original purpose that the Personal Data was collected for unless:
|— Processing of Personal Data is necessary for the performance of a contract to which you are a party or in order to carry out actions necessary for the conclusion of a contract to which you are a party.||– Managing external providers (e.g., insurance companies, pension funds, medical insurance) in terms of the employment contract.
– Managing the payment of your remuneration and other agreed benefits.
|— Processing of Personal Data is necessary in order to comply with legal obligations, such as Local Regulatory Requirements, to which MTN is subject.||— Replying to an official request from a public or judicial authority with the necessary authorization.
— Comply with any legal obligations imposed on MTN in relation to its people (including tax and employment laws).
|— Processing is necessary for pursuing the legitimate business interests of MTN or of a Third Party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data.
|— Preventing fraud or criminal activity and to safeguard our IT systems, assets, and places of work.
— Meeting our corporate and social responsibility obligations.
— Monitoring our employees’ activities in the workplace, including compliance with internal policies as well as health and safety rules in place.
— To benefit from cost-effective services (e.g., we may opt to use certain IT platforms offered by suppliers) or share basic Personal Data with another MTN group entity if you transfer to that entity, for use by that entity in conducting legally required background checks without collecting the information from you again).
— Providing a centralized, approach to the provision of IT services to our employees, and enabling staff working for entities within the MTN group to interact with one another.
|— Processing of Personal Data is necessary in order to protect your vital interests or that of another natural person.||— For the health and safety of MTN Employees including supporting the administration of emergency lifesaving medicine.|
|— You have given consent to the Processing of your Personal Data for one or more specific purposes. You may withdraw such consent at any time.
|— We will only Process your Personal Data in this way if you agree to us doing so. For example, we request your consent to Process your Personal Data for recruitment purposes.
— We will ensure the purpose for Processing your Personal Data is clearly communicated at the time that we request your consent so that you can make an informed decision. We will also provide you with any other relevant information you require to make an informed decision.
When we Process your Sensitive Personal Data, we will rely on one of the following legal bases as appropriate having regard to the purpose of Processing:
There will be limited circumstances where we seek your consent to collect your Personal Data whilst employed at MTN. In these circumstances, the provision of your Personal Data is completely voluntary. For example, you may voluntarily choose whether or not to participate in MTN competitions, pilot programs for new services/products, share your dietary preferences for catering purposes, or be filmed or photographed as part of MTN’s campaigns or events.
MTN will indicate to you, at the time of collection, whether the provision of the Personal Data is mandatory either in its forms, written or verbal correspondence. When the provision of Personal Data is mandatory you are obliged to provide your Personal Data to us and we have established a lawful basis to collect that Personal Data from you. If you do not provide your Personal Data to us, we may either not be able to conduct the employment with you or, at least, you may be prejudiced when participating in certain processes such as performance feedback or career development.
It is voluntary for past employees to provide their Personal Data once their employment with MTN has concluded (for example in circumstances that past employees would like to participate in surveys or join the MTN Alumni).
MTN does not perform any automated decision making (including profiling) which results in legal consequences for you and/or which affects you in a similarly significant manner. Should this change in the future, we will notify you and update this privacy notice accordingly.
We make reasonable efforts to retain Personal Data only for so long as:
The retention of MTN Employee records will be in accordance with our retention policies and retention schedule These policies or relevant extracts may be requested by former employees by contacting MTN Data Protection Officer (DPO) .
Yes, we may share Personal Data with third parties, as necessary for our legitimate business needs, to carry out your requests, and/or as required or permitted by Local Regulatory Requirements and Applicable Data Privacy Law(s). This may include, but is not limited to:
Yes, MTN may transfer Personal Data outside of Liberia but only if such transfers are permitted in terms of Liberian Regulatory Requirements / Applicable Data Privacy Law(s).
MTN may transfer your Personal Data to other entities within the MTN group of companies. All MTN entities are bound by binding corporate rules which ensures that the MTN entity receiving your Personal Data protects your Personal Data in accordance with those binding corporate rules.
MTN may also transfer certain Personal Data outside of Liberia to third parties working with us or on our behalf for the purposes described in this Employee Privacy Notice. When transferring Personal Data internationally to third parties we will ensure your Personal Data will continue to be protected for example, by entering into binding data transfer agreements or by ensuring there are adequate data privacy laws, which require the relevant third party to adhere to the data handling and data protection requirements, acceptable to MTN.
MTN secures the integrity and confidentiality of the Personal Data in its possession or under its control by implementing appropriate, reasonable technical, physical, and organizational measures to prevent:
As part of its processes, MTN takes reasonable measures to regularly identify and assess all reasonably foreseeable internal and external risks to Personal Data in its possession or under its control and implements reasonable and appropriate technical, physical, and organizational security measures to protect against the identified risks.
While MTN implements reasonable measures to prevent or reduce the likelihood and impact of Personal Data Breaches, this risk can’t be completely eliminated. If MTN becomes aware of or reasonably suspects a Personal Data Breach has occurred or that the integrity or confidentiality of Personal Data has been compromised, MTN adheres to its Personal Data Breach Management Procedure governing the handling and reporting of Personal Data Breaches. This guideline is available to MTN Current Employees on the [INSERT NAME OF INTRANET] MTN will report personal data breaches to the Data Privacy Regulator within 72 hours of knowledge of such breach.
If MTN Processes Personal Data about you, you have the following rights:
You can make a request or exercise these rights by contacting MTN at firstname.lastname@example.org and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with Local Regulatory Requirements, Applicable Data Privacy Law(s), and internal policies.
If you have any questions or concerns regarding this Employee Privacy Notice and would like further information about how we protect your information and/or when you want to contact your local Data Protection Officer (DPO), please email us at email@example.com.
MTN may modify this Employee Privacy Notice from time to time to reflect our current privacy practices. When we make changes to this notice, we will revise the “effective” date at the top of this notice and any changes affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.